automatic radcheck user addition - is it possible?
Hi, I've had a great success using freeradius with Coova Chilli to make a wifi hotspot and authenticate users by Mac address (so that users see a "splash" page and then click to gain Internet access). Now I'm wondering if its possible to make freeradius insert an unknown (and, therefore, normally unauthenticated) user into the radcheck/radusergroup tables IF they don't already exist in there? I'm interested in doing this so that I can transparently use freeradius to monitor Internet usage (by mac address again) without needing them to use my web ["splash"] pages at all (so that web access isn't necessary). thanks for any help! Derek
Now I'm wondering if its possible to make freeradius insert an unknown (and, therefore, normally unauthenticated) user into the radcheck/radusergroup tables IF they don't already exist in there?
Yes. Use perl script to do that and list perl before sql in authorize. But I seriously doubt it will have any effect on the captive portal. Ivan Kalik Kalik Informatika ISP
Hi Ivan, Now that I'm very happy using freeradius for a captive portal it dawned on me that it would be great to use it for accounting without the captive portal / access pages bit and that's why I was emailing the list. It sounds doable so which is great - I'll give it a try! thanks, Derek On Mon, April 20, 2009 2:10 pm, tnt@kalik.net wrote:
Now I'm wondering if its possible to make freeradius insert an unknown (and, therefore, normally unauthenticated) user into the radcheck/radusergroup tables IF they don't already exist in there?
Yes. Use perl script to do that and list perl before sql in authorize. But I seriously doubt it will have any effect on the captive portal.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Ivan,
Now that I'm very happy using freeradius for a captive portal it dawned on me that it would be great to use it for accounting without the captive portal / access pages bit and that's why I was emailing the list.
It sounds doable so which is great - I'll give it a try!
Hm, and what is going to do accounting and send info to freeradius? Ivan Kalik Kalik Informatika ISP
Hi Ivan, Coova Chilli I'm hoping - if it finds that every user (by mac) is authenticated (by pre-loading the mac into radcheck so that coova chilli gets the OK each time). So, I'm hoping, it'll be just like a captive portal except that the user's will never be subjected to the pre-auth web pages Unless I'm missing something by how Coova Chilli & freeradius are working (I might be...) Derek On Mon, April 20, 2009 6:32 pm, tnt@kalik.net wrote:
Hi Ivan,
Now that I'm very happy using freeradius for a captive portal it dawned on me that it would be great to use it for accounting without the captive portal / access pages bit and that's why I was emailing the list.
It sounds doable so which is great - I'll give it a try!
Hm, and what is going to do accounting and send info to freeradius?
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Derek When client get ip address from chilli dhcp, if you set chilli for authenticate mac address, chilli send the mac of client and password that you set in chilli.conf to freeradius, the same way that send username and password, if the mac address is in radcheck and the passward is the same in chilli.conf, freeradius reply for chilli an Autorized message, if not a reject message then chilli show the loging page or homepage, depends of your chilli settings, so you can get all data that you want before add this mac address like autorized user. I'm not sure, in this point but i guess the user must be exists in database before freeradius start to authorize it, if you add some user i guess you need restart freeradius to activate it. Fabián Omar Franzotti Resistencia - Chaco Argentina ----- Original Message ----- From: "Derek C" <derekfreeradius@hssl.ie> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Cc: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Monday, April 20, 2009 4:44 PM Subject: Re: automatic radcheck user addition - is it possible? Hi Ivan, Coova Chilli I'm hoping - if it finds that every user (by mac) is authenticated (by pre-loading the mac into radcheck so that coova chilli gets the OK each time). So, I'm hoping, it'll be just like a captive portal except that the user's will never be subjected to the pre-auth web pages Unless I'm missing something by how Coova Chilli & freeradius are working (I might be...) Derek On Mon, April 20, 2009 6:32 pm, tnt@kalik.net wrote:
Hi Ivan,
Now that I'm very happy using freeradius for a captive portal it dawned on me that it would be great to use it for accounting without the captive portal / access pages bit and that's why I was emailing the list.
It sounds doable so which is great - I'll give it a try!
Hm, and what is going to do accounting and send info to freeradius?
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Coova Chilli I'm hoping - if it finds that every user (by mac) is authenticated (by pre-loading the mac into radcheck so that coova chilli gets the OK each time).
So, I'm hoping, it'll be just like a captive portal except that the user's will never be subjected to the pre-auth web pages
So you do relize that captive portal needs to ask. You can create scripts that fill and submit pages for the user but user *has* to at least start the browser for portal session to be activated. And to click on the logout link to close it (although you can timeout the session on inactivity). Ivan Kalik Kalik Informatika ISP
So you do relize that captive portal needs to ask. You can create scripts that fill and submit pages for the user but user *has* to at least start the browser for portal session to be activated. And to click on the logout link to close it (although you can timeout the session on inactivity).
Hi Ivan, Ok - this is the point I guess. Does Coova Chilli need a HTTP web request before it'll ask the freeradius server if the user has access or will any traffic do? if the latter that's fine - otherwise, like you say, the user has to at least start the browser to get things going thanks Derek
Ok - this is the point I guess. Does Coova Chilli need a HTTP web request before it'll ask the freeradius server if the user has access or will any traffic do?
AFAIK you have to use the browser. All other traffic will simply be - ignored. But you can ask on Coova site - perhaps they know something more. Ivan Kalik Kalik Informatika ISP
CoovaChilli is really only designed to do logins via a web page. Very detailed information as to how to setup CoovaChilli on Ubuntu can be found here: https://help.ubuntu.com/community/WifiDocs/CoovaChilli . Thanks, -Dryw Paulic -----Original Message----- From: freeradius-users-bounces+dpaulic=tranzeo.com@lists.freeradius.org [mailto:freeradius-users-bounces+dpaulic=tranzeo.com@lists.freeradius.or g] On Behalf Of tnt@kalik.net Sent: April 20, 2009 3:33 PM To: FreeRadius users mailing list Subject: Re: automatic radcheck user addition - is it possible?
Ok - this is the point I guess. Does Coova Chilli need a HTTP web request before it'll ask the freeradius server if the user has access or will any traffic do?
AFAIK you have to use the browser. All other traffic will simply be - ignored. But you can ask on Coova site - perhaps they know something more. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Derek C -
Dryw Paulic -
Fabián Omar Franzotti -
tnt@kalik.net